LDAP lookups from a Windows 2003 AD Server
From: Sven Riedel (sr baghus.net)
Date: Mon May 02 2005 - 01:50:37 CDT
Hi,
I've recently fiddled with this, and found that trying to
query a search_base that was not an OU or does not include
an OU will result in an "Operations Error (1)", even though
the LDAP query bound successfully to the LDAP service on
the AD server.
So things like search_base="dc=my,dc=domain" won't work,
which is not good, since (according to my colleagues who
know a lot more about Windows than I do), some shared
folders can be assigned their own public smtp addresses
and those aren't usually stored in an OU.
One (and so far the only) way around this that I have found
was changing the setting dsHeuristics to 0000002 in
CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=my,DC=domain
via the adsieditor.
This setting enables anonymous LDAP queries, even to non
OU LDAP containers.
I'm still investigating the security impact this has on
the AD service - even information from Microsoft is scarce.
Just a heads up for all that have been having problems with this :)
(Maybe something for the Notes section of the LDAP README?)
Regs,
Sven
------------------------------------------
BAGHUS GmbH
EDV und Internetdienstleistungen
Staffelseestr. 2
81477 München
Tel.: 0 89 / 8 71 81 - 4 84
Fax.: 0 89 / 8 71 81 - 4 88
www.baghus.net, info baghus.net
HRB: 144283, USt-IdNr: DE224865405
------------------------------------------
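
An audit check for the setting described in the message above, as an added example that is not part of the original post: it decides from an exported dsHeuristics value whether the 7th character has been set to "2", so directories that accept anonymous LDAP queries can be listed for review. The function names and every sample entry except the message's own value and DN are constructed; the value is assumed to have been read from the Directory Service object beforehand.

```python
from typing import Dict, List, Union

RawValue = Union[str, bytes, None]

ANON_OPS_INDEX = 6  # 7th character, the one the message sets to "2"
# Container path quoted in the message, without the trailing domain components.
DS_OBJECT_RDN = "CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration"


def normalize(raw: RawValue) -> str:
    """LDAP clients may return bytes, or nothing when the attribute is unset."""
    if raw is None:
        return ""
    if isinstance(raw, bytes):
        raw = raw.decode("ascii", errors="replace")
    return raw.strip()


def anonymous_ldap_enabled(raw: RawValue) -> bool:
    """True only when the 7th character exists and is '2'.

    An unset attribute or a value shorter than seven characters is
    reported as not enabled.
    """
    value = normalize(raw)
    return len(value) > ANON_OPS_INDEX and value[ANON_OPS_INDEX] == "2"


def audit(exports: Dict[str, RawValue]) -> List[str]:
    """Return one finding per directory whose value allows anonymous queries."""
    findings = []
    for root_dn, raw in sorted(exports.items()):
        if anonymous_ldap_enabled(raw):
            findings.append(
                f"{DS_OBJECT_RDN},{root_dn}: dsHeuristics={normalize(raw)!r} "
                "allows anonymous LDAP queries"
            )
    return findings


# Constructed sample export: root DN -> dsHeuristics as read from the directory.
SAMPLE_EXPORTS: Dict[str, RawValue] = {
    "DC=my,DC=domain": "0000002",       # value and DN from the message
    "DC=lab,DC=example": None,          # attribute not set
    "DC=corp,DC=example": b"0010000",   # set, but 7th character is not 2
    "DC=old,DC=example": "000000",      # only six characters
    "DC=test,DC=example": b"0000002001\n",  # bytes with trailing newline
}

if __name__ == "__main__":
    for line in audit(SAMPLE_EXPORTS):
        print(line)
```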